<?php

/*
 * To change this template, choose Tools | Templates
 * and open the template in the editor.
 */

session_start();

if (!(isset($_SESSION['login']) && $_SESSION['login'] != '')) {
    $login = "";
    header("Location: login.php");
} else {
    $login = $_SESSION['login'];
}

$errorMessage = "";
$num_rows = 0;
$used = "";

include 'i_functions.php';

if ($_SERVER['REQUEST_METHOD'] == 'POST') {


    $user_name = "root";
    $pass_word = "haddons";
    $database = "PPI";
    $server = "127.0.0.1";

    $db_handle = mysql_connect($server, $user_name, $pass_word);
    $db_found = mysql_select_db($database, $db_handle);

    if ($db_found) {
        //====================================================================
        //	GET data from form AND CHECK FOR DANGEROUS CHARCTERS
        //====================================================================

        $client_ID = $_POST['client_ID'];
        $title1 = quote_smart($_POST['title1'], $db_handle);
        $title2 = quote_smart($_POST['title2'], $db_handle);
        $fname1 = quote_smart($_POST['fname1'], $db_handle);
        $fname2 = quote_smart($_POST['fname2'], $db_handle);
        $lname1 = quote_smart($_POST['lname1'], $db_handle);
        $lname2 = quote_smart($_POST['lname2'], $db_handle);
        $telno1 = quote_smart($_POST['telno1'], $db_handle);
        $telno2 = quote_smart($_POST['telno2'], $db_handle);
        $email1 = quote_smart($_POST['email1'], $db_handle);
        $email2 = quote_smart($_POST['email2'], $db_handle);
        $house = quote_smart($_POST['house'], $db_handle);
        $street = quote_smart($_POST['street'], $db_handle);
        $town = quote_smart($_POST['town'], $db_handle);
        $county = quote_smart($_POST['county'], $db_handle);
        $postcode = quote_smart($_POST['postcode'], $db_handle);
        $mobile = quote_smart("", $db_handle);
        //$mobile = $_POST['mobile'];

//test to see if $errorMessage is blank
//if it is, then we can go ahead with the rest of the code
//if it's not, we can display the error
        //====================================================================
        //	Write to the database
        //====================================================================
        //if ($errorMessage == "") {

        $errorMessage = "adding to client file<br>";

        if ($client_ID == "NEW") {
            print "New client<br>";
            $Action = "I";
            $SQL = "INSERT INTO `PPI`.`client` (
            `CreateBy`, 
            `Title`, 
            `FirstNames`, 
            `Surname`, 
            `TelNo`, 
            `Email`, 
            `House`, 
            `Street`, 
            `Town`, 
            `County`, 
            `Postcode`, 
            `Mobile`, 
            `OtherTitle`, 
            `OtherFirstNames`, 
            `OtherSurname`, 
            `OtherTelno`, 
            `OtherEmail`
            ) VALUES (
            '$login', 
            $title1, 
            $fname1, 
            $lname1, 
            $telno1, 
            $email1, 
            $house, 
            $street, 
            $town, 
            $county, 
            $postcode, 
            $mobile, 
            $title2, 
            $fname2, 
            $lname2, 
            $telno2,
            $email2    
            )";
        } else {
            print "updating client" . $client_ID . "<br>";
            $Action = "U";
            $SQL = "UPDATE `PPI`.`client` SET  
            `Title`= $title1, 
            `FirstNames`=$fname1, 
            `Surname`=$lname1, 
            `TelNo`=$telno1, 
            `Email`=$email1, 
            `House`=$house, 
            `Street`=$street, 
            `Town`=$town, 
            `County`=$county, 
            `Postcode`=$postcode, 
            `Mobile`=$mobile, 
            `OtherTitle`=$title2, 
            `OtherFirstNames`=$fname2, 
            `OtherSurname`=$lname2, 
            `OtherTelno`=$telno2,
            `OtherEmail`=$email2 
            WHERE `ID`='$client_ID'";
        }

        print $SQL . "<br>";
        $iresult = mysql_query($SQL);
        print "iresult=" . $iresult . ".";
        if ($client_ID == "NEW") {$client_ID = mysql_insert_id();}  
        logger($login, "client", $client_ID, $Action);

        mysql_close($db_handle);
    }
}
?>